aboutsummaryrefslogtreecommitdiff
path: root/migrations
diff options
context:
space:
mode:
Diffstat (limited to 'migrations')
-rw-r--r--migrations/auth/20250722_02_M8TXv-add-system-user-edit-privilege-to-system-admin-role.py36
1 files changed, 36 insertions, 0 deletions
diff --git a/migrations/auth/20250722_02_M8TXv-add-system-user-edit-privilege-to-system-admin-role.py b/migrations/auth/20250722_02_M8TXv-add-system-user-edit-privilege-to-system-admin-role.py
new file mode 100644
index 0000000..b956bef
--- /dev/null
+++ b/migrations/auth/20250722_02_M8TXv-add-system-user-edit-privilege-to-system-admin-role.py
@@ -0,0 +1,36 @@
+"""
+Add 'system:user:edit' privilege to 'system-admin' role.
+"""
+import contextlib
+
+from yoyo import step
+
+__depends__ = {'20250722_01_7Gro7-create-new-system-user-edit-privilege'}
+
+
+def system_administrator_role_id(cursor):
+ """Fetch ID for role 'system-administrator'."""
+ cursor.execute(
+ "SELECT role_id FROM roles WHERE role_name='system-administrator'")
+ return cursor.fetchone()[0]
+
+
+def add_system_user_edit_privilege(conn):
+ """Add the 'system:user:edit' to the 'system-administrator' role."""
+ with contextlib.closing(conn.cursor()) as cursor:
+ cursor.execute(
+ "INSERT INTO role_privileges(role_id, privilege_id) "
+ "VALUES(?, ?)",
+ (system_administrator_role_id(cursor), 'system:user:edit'))
+
+
+def remove_system_user_edit_privilege(conn):
+ """Remove the 'system:user:edit' from the 'system-administrator' role."""
+ with contextlib.closing(conn.cursor()) as cursor:
+ cursor.execute(
+ "DELETE FROM role_privileges WHERE role_id=? AND privilege_id=?",
+ (system_administrator_role_id(cursor), 'system:user:edit'))
+
+steps = [
+ step(add_system_user_edit_privilege, remove_system_user_edit_privilege)
+]